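--- a/head/etc/rc.firewall
+++ b/head/etc/rc.firewall
@@ -1,11 +1,11 @@
 ############
 # Setup system for firewall service.
-# $FreeBSD: head/etc/rc.firewall 52449 1999-10-24 00:26:49Z nsayer $
+# $FreeBSD: head/etc/rc.firewall 52873 1999-11-04 10:13:59Z ru $
 
 # Suck in the configuration variables.
 if [ -r /etc/defaults/rc.conf ]; then
  . /etc/defaults/rc.conf
 elif [ -r /etc/rc.conf ]; then
  . /etc/rc.conf
 fi
 
@@ -116,16 +116,19 @@
 
  # Allow any traffic to or from my own net.
  ${fwcmd} add pass all from ${ip} to ${net}:${mask}
  ${fwcmd} add pass all from ${net}:${mask} to ${ip}
 
  # Allow TCP through if setup succeeded
  ${fwcmd} add pass tcp from any to any established
 
+ # Allow IP fragments to pass through
+ ${fwcmd} add pass all from any to any frag
+
  # Allow setup of incoming email
  ${fwcmd} add pass tcp from any to ${ip} 25 setup
 
  # Allow setup of outgoing TCP connections only
  ${fwcmd} add pass tcp from ${ip} to any setup
 
  # Disallow setup of all other TCP connections
  ${fwcmd} add deny tcp from any to any setup
@@ -173,16 +176,19 @@
  ${fwcmd} add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
  ${fwcmd} add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
  ${fwcmd} add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
  ${fwcmd} add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}
 
  # Allow TCP through if setup succeeded
  ${fwcmd} add pass tcp from any to any established
 
+ # Allow IP fragments to pass through
+ ${fwcmd} add pass all from any to any frag
+
  # Allow setup of incoming email
  ${fwcmd} add pass tcp from any to ${oip} 25 setup
 
  # Allow access to our DNS
  ${fwcmd} add pass tcp from any to ${oip} 53 setup
  ${fwcmd} add pass udp from any to ${oip} 53
  ${fwcmd} add pass udp from ${oip} 53 to any
 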
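Review bot: The new `pass all from any to any frag` rule, added right after the `established` rule in both rulesets shown, is unscoped: it accepts fragments of any protocol to any destination, so whatever it matches is accepted before any later deny rule or the default policy is consulted. Later fragments carry no TCP/UDP header to filter on, so some rule of this kind is probably needed for fragmented traffic to work, but it could be limited to the addresses this host actually serves, e.g. `${fwcmd} add pass all from any to ${ip} frag` in the first ruleset and the `${oip}` equivalent in the second (plus the inside net, if the second ruleset forwards for one). I would also extend the comment to record the reasoning and the reliance on reassembly, e.g. `# Non-first fragments have no port info to match on; pass them and let reassembly discard strays`. Both ruleset bodies continue into lines hidden on this page, so the rule's position relative to the remaining rules should be checked there.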